Vulnerability-Lookup

CVE-2011-1095 (GCVE-0-2011-1095)

Vulnerability from cvelistv5 – Published: 2011-04-10 01:29 – Updated: 2024-08-06 22:14

Summary

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://security.gentoo.org/glsa/glsa-201011-01.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/archive/1/520102/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/46397	third-party-advisoryx_refsource_SECUNIA
	http://sourceware.org/git/?p=glibc.git%3Ba=patch%…	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-04…	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=625893	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0863	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/43989	third-party-advisoryx_refsource_SECUNIA
	http://openwall.com/lists/oss-security/2011/03/08/8	mailing-listx_refsource_MLIST
	http://sources.redhat.com/bugzilla/show_bug.cgi?i…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/43830	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-04…	vendor-advisoryx_refsource_REDHAT
	http://bugs.gentoo.org/show_bug.cgi?id=330923	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/43976	third-party-advisoryx_refsource_SECUNIA
	http://openwall.com/lists/oss-security/2011/03/08/21	mailing-listx_refsource_MLIST
	http://sourceware.org/bugzilla/show_bug.cgi?id=11904	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/03/08/22	mailing-listx_refsource_MLIST
	http://securitytracker.com/id?1025286	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201011-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
          },
          {
            "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
          },
          {
            "name": "46397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46397"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259"
          },
          {
            "name": "RHSA-2011:0412",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
          },
          {
            "name": "ADV-2011-0863",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0863"
          },
          {
            "name": "43989",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43989"
          },
          {
            "name": "[oss-security] 20110308 glibc locale escaping issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904"
          },
          {
            "name": "MDVSA-2011:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
          },
          {
            "name": "43830",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43830"
          },
          {
            "name": "RHSA-2011:0413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12272",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272"
          },
          {
            "name": "43976",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43976"
          },
          {
            "name": "[oss-security] 20110308 Re: glibc locale escaping issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/21"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904"
          },
          {
            "name": "[oss-security] 20110308 Re: glibc locale escaping issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/22"
          },
          {
            "name": "1025286",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025286"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201011-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
        },
        {
          "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
        },
        {
          "name": "46397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46397"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259"
        },
        {
          "name": "RHSA-2011:0412",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
        },
        {
          "name": "ADV-2011-0863",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0863"
        },
        {
          "name": "43989",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43989"
        },
        {
          "name": "[oss-security] 20110308 glibc locale escaping issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904"
        },
        {
          "name": "MDVSA-2011:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
        },
        {
          "name": "43830",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43830"
        },
        {
          "name": "RHSA-2011:0413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12272",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272"
        },
        {
          "name": "43976",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43976"
        },
        {
          "name": "[oss-security] 20110308 Re: glibc locale escaping issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/21"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904"
        },
        {
          "name": "[oss-security] 20110308 Re: glibc locale escaping issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/22"
        },
        {
          "name": "1025286",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025286"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1095",
    "datePublished": "2011-04-10T01:29:00.000Z",
    "dateReserved": "2011-02-24T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:14:27.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-423

Vulnerability from certfr_avis - Published: 2011-08-01 - Updated: 2011-08-01

De multiples vulnérabilités affectant différents logiciels inclus dans VMware ESX Console OS (COS) ont été corrigées.

Description

Plusieurs logiciels vulnérables inclus dans VMware ESX Console OS ont été mis à jour par l'éditeur :

DHCP est mis à jour pour corriger une vulnérabilité permettant à un utilisateur malveillant distant de provoquer un déni de service et d'exécuter du code arbitraire (CVE-2011-0997) ;
glibc est mise à jour pour corriger de multiples vulnérabilités exploitables localement (CVE 2010-0296, CVE-2011-0536, CVE-2011-997 et CVE-2011-1071).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware fourni pour l'instant des correctifs pour la version 4.1 d'ESX. Les correctifs pour les versions 4.0 et 3.5 ont été annoncés.

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ESX 3.0.x ;
VMware	N/A	VMware ESX 4.1.x.
VMware	N/A	VMware ESX 3.5.x ;
VMware	N/A	VMware ESX 4.0.x ;

References

Title

Publication Time

Tags

Avis de sécurité VMware VMSA-2011-0010 du 28 juillet 2011	None	vendor-advisory
Avis CERTA CERTA-2011-AVI-193 :	-	other
Avis CERTA CERTA-2011-AVI-190 :	-	other
Bulletin de sécurité VMware VMSA-2011-0010 du 28 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX 3.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.1.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs logiciels vuln\u00e9rables inclus dans VMware ESX Console OS ont\n\u00e9t\u00e9 mis \u00e0 jour par l\u0027\u00e9diteur :\n\n-   DHCP est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    utilisateur malveillant distant de provoquer un d\u00e9ni de service et\n    d\u0027ex\u00e9cuter du code arbitraire (CVE-2011-0997) ;\n-   glibc est mise \u00e0 jour pour corriger de multiples vuln\u00e9rabilit\u00e9s\n    exploitables localement (CVE 2010-0296, CVE-2011-0536, CVE-2011-997\n    et CVE-2011-1071).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nVMware fourni pour l\u0027instant des correctifs pour la version 4.1 d\u0027ESX.\nLes correctifs pour les versions 4.0 et 3.5 ont \u00e9t\u00e9 annonc\u00e9s.\n",
  "cves": [
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2011-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0536"
    },
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    }
  ],
  "initial_release_date": "2011-08-01T00:00:00",
  "last_revision_date": "2011-08-01T00:00:00",
  "links": [
    {
      "title": "Avis CERTA CERTA-2011-AVI-193 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-193/"
    },
    {
      "title": "Avis CERTA CERTA-2011-AVI-190 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-190/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0010 du 28 juillet    2011 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0010.html"
    }
  ],
  "reference": "CERTA-2011-AVI-423",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant diff\u00e9rents logiciels inclus dans\nVMware ESX Console OS \u003cspan class=\"textit\"\u003e(COS)\u003c/span\u003e ont \u00e9t\u00e9\ncorrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 VMware VMSA-2011-0010 du 28 juillet 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-571

Vulnerability from certfr_avis - Published: 2011-10-18 - Updated: 2011-10-18

De nombreuses vulnérabilités présentes dans des bibliothèques tierces parties utilisées par VMWare ESX et VMWare ESXi ont été corrigées.

Description

VMWare a corrigé un nombre conséquent de vulnérabilités dans des bibliothèques tierces utilisées par VMWare ESX et VMWare ESXi.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMWare ESXi 4.0.
	VMware	ESXi	VMWare ESX 4.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMWare WMSA-2011-0012 du 12 octobre 2011	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2011-0012 du 12 octobre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare ESXi 4.0.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX 4.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nVMWare a corrig\u00e9 un nombre cons\u00e9quent de vuln\u00e9rabilit\u00e9s dans des\nbiblioth\u00e8ques tierces utilis\u00e9es par VMWare ESX et VMWare ESXi.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1083"
    },
    {
      "name": "CVE-2011-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1010"
    },
    {
      "name": "CVE-2010-4346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4346"
    },
    {
      "name": "CVE-2010-3477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3477"
    },
    {
      "name": "CVE-2010-4263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4263"
    },
    {
      "name": "CVE-2010-3859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3859"
    },
    {
      "name": "CVE-2011-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
    },
    {
      "name": "CVE-2010-4255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4255"
    },
    {
      "name": "CVE-2010-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2938"
    },
    {
      "name": "CVE-2010-4072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4072"
    },
    {
      "name": "CVE-2010-4655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4655"
    },
    {
      "name": "CVE-2010-3865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3865"
    },
    {
      "name": "CVE-2010-4343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4343"
    },
    {
      "name": "CVE-2010-3877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3877"
    },
    {
      "name": "CVE-2011-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
    },
    {
      "name": "CVE-2010-4526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4526"
    },
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2010-4249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4249"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2010-3086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3086"
    },
    {
      "name": "CVE-2011-0282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0282"
    },
    {
      "name": "CVE-2011-1090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1090"
    },
    {
      "name": "CVE-2010-3442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3442"
    },
    {
      "name": "CVE-2010-4161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4161"
    },
    {
      "name": "CVE-2010-3015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3015"
    },
    {
      "name": "CVE-2011-1478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1478"
    },
    {
      "name": "CVE-2010-4157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4157"
    },
    {
      "name": "CVE-2011-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0536"
    },
    {
      "name": "CVE-2010-3699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3699"
    },
    {
      "name": "CVE-2010-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3066"
    },
    {
      "name": "CVE-2010-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3067"
    },
    {
      "name": "CVE-2010-4248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4248"
    },
    {
      "name": "CVE-2010-2942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2942"
    },
    {
      "name": "CVE-2010-4243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4243"
    },
    {
      "name": "CVE-2011-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1658"
    },
    {
      "name": "CVE-2010-3880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3880"
    },
    {
      "name": "CVE-2010-3858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3858"
    },
    {
      "name": "CVE-2010-3904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3904"
    },
    {
      "name": "CVE-2010-4247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4247"
    },
    {
      "name": "CVE-2010-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3296"
    },
    {
      "name": "CVE-2010-3078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3078"
    },
    {
      "name": "CVE-2010-4073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4073"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2010-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
    },
    {
      "name": "CVE-2011-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0521"
    },
    {
      "name": "CVE-2010-4075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4075"
    },
    {
      "name": "CVE-2010-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4083"
    },
    {
      "name": "CVE-2011-0281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0281"
    },
    {
      "name": "CVE-2010-4081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4081"
    },
    {
      "name": "CVE-2010-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2492"
    },
    {
      "name": "CVE-2010-3876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3876"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    },
    {
      "name": "CVE-2010-4080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4080"
    },
    {
      "name": "CVE-2010-4238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4238"
    },
    {
      "name": "CVE-2010-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4242"
    },
    {
      "name": "CVE-2010-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2798"
    },
    {
      "name": "CVE-2011-0710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0710"
    },
    {
      "name": "CVE-2010-4158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4158"
    },
    {
      "name": "CVE-2010-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3432"
    },
    {
      "name": "CVE-2010-2943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2943"
    },
    {
      "name": "CVE-2011-1495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
    }
  ],
  "initial_release_date": "2011-10-18T00:00:00",
  "last_revision_date": "2011-10-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0012 du 12 octobre    2011 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    }
  ],
  "reference": "CERTA-2011-AVI-571",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans des biblioth\u00e8ques tierces\nparties utilis\u00e9es par \u003cspan class=\"textit\"\u003eVMWare ESX\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eVMWare ESXi\u003c/span\u003e ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans VMWare ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare WMSA-2011-0012 du 12 octobre 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-193

Vulnerability from certfr_avis - Published: 2011-04-06 - Updated: 2011-04-06

Une erreur dans la commande locale de la glibc a été corrigée. Elle permet à un utilisateur malveillant d'élever ses privilèges.

Description

Un utilisateur malveillant pouvant manipuler certaines variables d'environnement, peut faire exécuter du code arbitraire à un autre utilisateur qui manipulerait ces variables via un script. Les privilèges accordés au code arbitraire seront alors ceux du script.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Bibliothèque GNU C (glibc) versions strictement inférieures à 2.13.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité RedHat RHSA-2011:0412 du 04 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eBiblioth\u00e8que GNU C (glibc) versions strictement inf\u00e9rieures \u00e0  2.13.\u003c/P\u003e",
  "content": "## Description\n\nUn utilisateur malveillant pouvant manipuler certaines variables\nd\u0027environnement, peut faire ex\u00e9cuter du code arbitraire \u00e0 un autre\nutilisateur qui manipulerait ces variables via un script. Les privil\u00e8ges\naccord\u00e9s au code arbitraire seront alors ceux du script.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    }
  ],
  "initial_release_date": "2011-04-06T00:00:00",
  "last_revision_date": "2011-04-06T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-193",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une erreur dans la commande \u003cspan class=\"textit\"\u003elocale\u003c/span\u003e de la\nglibc a \u00e9t\u00e9 corrig\u00e9e. Elle permet \u00e0 un utilisateur malveillant d\u0027\u00e9lever\nses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la glibc",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2011:0412 du 04 avril 2011",
      "url": "http://rhn.redhat.com/errata/RHSA-2011-0412.html"
    }
  ]
}

CERTA-2013-AVI-267

Vulnerability from certfr_avis - Published: 2013-04-23 - Updated: 2013-04-23

De multiples vulnérabilités ont été corrigées dans Avaya Communication Manager. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Avaya Communication Manager versions antérieures à 5.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Avaya du 19 avril 2013	None	vendor-advisory
Bulletin de sécurité Avaya ASA-2012-094 du 19 avril 2013	-	other
Bulletin de sécurité Avaya ASA-2012-155 du 19 avril 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAvaya Communication Manager versions ant\u00e9rieures \u00e0 5.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
    },
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    }
  ],
  "initial_release_date": "2013-04-23T00:00:00",
  "last_revision_date": "2013-04-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-094 du 19 avril 2013",
      "url": "https://downloads.avaya.com/css/P8/documents/100157565"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-155 du 19 avril 2013",
      "url": "https://downloads.avaya.com/css/P8/documents/100160531"
    }
  ],
  "reference": "CERTA-2013-AVI-267",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Communication Manager\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Communication Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya du 19 avril 2013",
      "url": null
    }
  ]
}

FKIE_CVE-2011-1095

Vulnerability from fkie_nvd - Published: 2011-04-10 02:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://bugs.gentoo.org/show_bug.cgi?id=330923	Exploit, Patch
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/08/21	Exploit, Patch
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/08/22
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/08/8	Exploit, Patch
secalert@redhat.com	http://secunia.com/advisories/43830	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/43976	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/43989	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/46397
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201011-01.xml	Vendor Advisory
secalert@redhat.com	http://securitytracker.com/id?1025286
secalert@redhat.com	http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904	Exploit
secalert@redhat.com	http://sourceware.org/bugzilla/show_bug.cgi?id=11904	Exploit
secalert@redhat.com	http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0412.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0413.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/520102/100/0/threaded
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0863	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=625893	Exploit, Patch
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272
af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=330923	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/21	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/22
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/8	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43830	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43976	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43989	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46397
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201011-01.xml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025286
af854a3a-2127-422b-91ae-364da2661108	http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/bugzilla/show_bug.cgi?id=11904	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0412.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0413.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/520102/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0863	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=625893	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272

Impacted products

Vendor	Product	Version
gnu	glibc	*
gnu	glibc	1.00
gnu	glibc	1.01
gnu	glibc	1.02
gnu	glibc	1.03
gnu	glibc	1.04
gnu	glibc	1.05
gnu	glibc	1.06
gnu	glibc	1.07
gnu	glibc	1.08
gnu	glibc	1.09
gnu	glibc	1.09.1
gnu	glibc	2.0
gnu	glibc	2.0.1
gnu	glibc	2.0.2
gnu	glibc	2.0.3
gnu	glibc	2.0.4
gnu	glibc	2.0.5
gnu	glibc	2.0.6
gnu	glibc	2.1
gnu	glibc	2.1.1
gnu	glibc	2.1.1.6
gnu	glibc	2.1.2
gnu	glibc	2.1.3
gnu	glibc	2.1.3.10
gnu	glibc	2.1.9
gnu	glibc	2.2
gnu	glibc	2.2.1
gnu	glibc	2.2.2
gnu	glibc	2.2.3
gnu	glibc	2.2.4
gnu	glibc	2.2.5
gnu	glibc	2.3
gnu	glibc	2.3.1
gnu	glibc	2.3.2
gnu	glibc	2.3.3
gnu	glibc	2.3.4
gnu	glibc	2.3.5
gnu	glibc	2.3.6
gnu	glibc	2.3.10
gnu	glibc	2.4
gnu	glibc	2.5
gnu	glibc	2.5.1
gnu	glibc	2.6
gnu	glibc	2.6.1
gnu	glibc	2.7
gnu	glibc	2.8
gnu	glibc	2.9
gnu	glibc	2.10
gnu	glibc	2.10.1
gnu	glibc	2.10.2
gnu	glibc	2.11
gnu	glibc	2.11.1
gnu	glibc	2.11.2
gnu	glibc	2.11.3
gnu	glibc	2.12.0
gnu	glibc	2.12.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FC02B2-EEB1-40EA-ADE5-479ED3FC11A7",
              "versionEndIncluding": "2.12.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA23C241-132B-423E-A22A-7206A8074D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79978B1-8831-4169-B815-80138C85832C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "991EB676-F043-418D-BD81-0BB937236D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA0C5DB0-602E-4296-884C-60E24FC80458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "3211F47C-DF6D-4355-95F8-DED317700621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "229BFD88-A90F-4D2B-97B9-822A7D87EAEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE253B0-D8E0-4099-8CA7-8925B4809F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "D640F556-8181-4F15-B2F7-7EC7E8869FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "061383CD-B9AD-41C6-8C46-F79870B9CD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "9897B03F-A457-4B29-9C5E-FEA084D3BF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C3684B-CE01-46B5-9E41-BF58E6A5AA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFD93D5-70BB-475C-BDD3-DEDE9965C5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F23D2F-A01F-4949-A917-D1164E14EAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64576C9A-FCD9-4410-B590-AB43F9F85D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "229AC4E3-AFBA-4EF4-8534-8FBE1E630253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B91503A-E8DC-4DFF-98D4-687B5AE41438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "241A4B59-7BBC-4656-93AC-7DD8BE29EB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D0DBDC-1559-406D-AADC-12B5ABDD2BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5294FCC-3933-4CD5-8DFE-BCDC00F4BD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5CA3E33-7CC6-4AC5-999A-3C46D7FD14A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAADC158-B7EF-4135-B383-0DA43065B43E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "261A4A17-3B9E-46E6-897B-DB0C8358A1D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAC8483-5060-428B-8D8E-C30E5823BB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A511B6-72EC-4200-8C1C-BDE30BC2431A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03C644D-0EF9-4586-96D5-5DEE78D9D5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "47AD8A88-DAF0-4206-8661-70075BA2AE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AD17CD-545F-425A-92CF-0EE5F5B5F74E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0B9503-9AD0-4A1A-BD4F-4B902BFC8E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0660536D-7F82-4B91-8B84-704D26FE989F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037E8C-43E8-4121-B877-1834282ACD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFCA5E85-9AFA-429A-AC51-8D8EC2841330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D41ABE25-DECD-4068-93DA-0B85281FD93A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "84600406-0CE2-46EA-A5AD-4CC0D3494AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96FA9ED-7529-440D-984D-6340B94D8243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3D70AB0-2910-4191-9980-5BA78E8F2E11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A93600D-7271-4AF5-8133-C6AA5BC8543F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0B4AFFF-A537-44BD-B97A-EFA9409DB8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function."
    },
    {
      "lang": "es",
      "value": "locale/programs/locale.c  en la librer\u00eda C GNU (tambi\u00e9n conocido como glibc o libc6) anterior a v2.13 no formatea su salida, permitiendo a usuarios locales ganar privilegios mediante una variable de entorno localization manipulada, junto con un programa que ejecuta un script que usa la funci\u00f3n eval."
    }
  ],
  "id": "CVE-2011-1095",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-10T02:55:01.540",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/21"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/22"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43830"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43976"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43989"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1025286"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0863"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1095

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1095

Aliases

CVE-2011-1095

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1095",
    "description": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.",
    "id": "GSD-2011-1095",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-1095.html",
      "https://access.redhat.com/errata/RHSA-2012:0125",
      "https://access.redhat.com/errata/RHSA-2011:0413",
      "https://access.redhat.com/errata/RHSA-2011:0412",
      "https://linux.oracle.com/cve/CVE-2011-1095.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1095"
      ],
      "details": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.",
      "id": "GSD-2011-1095",
      "modified": "2023-12-13T01:19:08.577050Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-1095",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/46397",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/46397"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/520102/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-201011-01.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
          },
          {
            "name": "http://bugs.gentoo.org/show_bug.cgi?id=330923",
            "refsource": "MISC",
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923"
          },
          {
            "name": "http://openwall.com/lists/oss-security/2011/03/08/21",
            "refsource": "MISC",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/21"
          },
          {
            "name": "http://openwall.com/lists/oss-security/2011/03/08/22",
            "refsource": "MISC",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/22"
          },
          {
            "name": "http://openwall.com/lists/oss-security/2011/03/08/8",
            "refsource": "MISC",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/8"
          },
          {
            "name": "http://secunia.com/advisories/43830",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43830"
          },
          {
            "name": "http://secunia.com/advisories/43976",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43976"
          },
          {
            "name": "http://secunia.com/advisories/43989",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43989"
          },
          {
            "name": "http://securitytracker.com/id?1025286",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1025286"
          },
          {
            "name": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904",
            "refsource": "MISC",
            "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904"
          },
          {
            "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904",
            "refsource": "MISC",
            "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904"
          },
          {
            "name": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259",
            "refsource": "MISC",
            "url": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0412.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0413.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2011/0863",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2011/0863"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=625893",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.12.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1095"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=330923",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923"
            },
            {
              "name": "43976",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43976"
            },
            {
              "name": "RHSA-2011:0413",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=625893",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
            },
            {
              "name": "[oss-security] 20110308 glibc locale escaping issue",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/08/8"
            },
            {
              "name": "ADV-2011-0863",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0863"
            },
            {
              "name": "GLSA-201011-01",
              "refsource": "GENTOO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
            },
            {
              "name": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904"
            },
            {
              "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904"
            },
            {
              "name": "43989",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43989"
            },
            {
              "name": "[oss-security] 20110308 Re: glibc locale escaping issue",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/08/21"
            },
            {
              "name": "43830",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43830"
            },
            {
              "name": "[oss-security] 20110308 Re: glibc locale escaping issue",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/03/08/22"
            },
            {
              "name": "RHSA-2011:0412",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
            },
            {
              "name": "1025286",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1025286"
            },
            {
              "name": "46397",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "name": "MDVSA-2011:178",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
            },
            {
              "name": "oval:org.mitre.oval:def:12272",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259",
              "refsource": "MISC",
              "tags": [],
              "url": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T00:15Z",
      "publishedDate": "2011-04-10T02:55Z"
    }
  }
}

GHSA-HHJF-9W4X-VHHF

Vulnerability from github – Published: 2022-05-14 02:56 – Updated: 2022-05-14 02:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1095"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-10T02:55:00Z",
    "severity": "MODERATE"
  },
  "details": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.",
  "id": "GHSA-hhjf-9w4x-vhhf",
  "modified": "2022-05-14T02:56:11Z",
  "published": "2022-05-14T02:56:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1095"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=330923"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/21"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/22"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/8"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43830"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43976"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43989"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025286"
    },
    {
      "type": "WEB",
      "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11904"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0863"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1095 (GCVE-0-2011-1095)

CERTA-2011-AVI-423

Description

Solution

CERTA-2011-AVI-571

Description

Solution

CERTA-2011-AVI-193

Description

Solution

CERTA-2013-AVI-267

Solution

FKIE_CVE-2011-1095

GSD-2011-1095

GHSA-HHJF-9W4X-VHHF

Tags

Sightings

Nomenclature